AI Security Review
scanned 9d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface is established. The residual risk is agent-extension behavior: runtime FlowMind initialization may auto-import first-party SDD-Agent resources into FlowMind's own ~/.flowmind namespace and expose skills via a package-owned MCP server.
Decision evidence
public snapshot- core/index.js auto-runs SDD-Agent sync during FlowMind init when ~/.sdd-agent/resource-config.json exists.
- core/sdd-agent-sync.js writes imported config/learning/source files into ~/.flowmind and can discover ~/.claude/debug metadata.
- bin/flowmind.js saves user-provided AI/MCP config under ~/.flowmind during explicit init/resource commands.
- mcp/server.js exposes FlowMind skills as MCP tools at runtime.
- package.json has no npm lifecycle hooks, so no install-time execution.
- No unconsented writes to .claude, Codex, Cursor, MCP config, shell startup, VCS hooks, or OS autostart found.
- Package-manager execution is limited to explicit update checks/suggestions, not silent installs.
- Network calls are package-aligned AI/provider, npm version check, or user-configured MCP endpoints.
- Dynamic require in config-manager loads local flowmind.config.js only as a user config file.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
core/update-notifier.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/flowmind.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/flowmind.jsView on unpkg · L3568Package source references dynamic require/import behavior.
core/honor-engine.jsView on unpkg · L5Package ships non-JavaScript build or shell helper files.
demo/common.shView on unpkg